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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In re application of: 



Sanjay Aiyagari, et al. 



Confirmation No.: 9591 



Serial No.: 10/698,498 



Group Art Unit No.: 2161 



Filed: October 30, 2003 



Examiner: Paul Kim 



For: ROLE-BASED ACCESS CONTROL ENFORCED BY FILESYSTEM OF AN 
OPERATING SYSTEM 



Via EFS-Web 
Commissioner for Patents 
P. O. Box 1450 
Alexandria, VA 22313-1450 

ATTACHMENT TO PRE- APPEAL BRIEF CONFERENCE REQUEST FOR REVIEW 

Sir: 

Applicants request withdrawal of the final Office Action and allowance of the claims 
based on clear factual error in the rejection of Claims 1 and 10 under 35 U.S.C. § 103(a). 
Multiple features of Claims 1 and 10 are absent in the cited references, Idicula, Deinhart, and 
Jensenworth. These features are absent because (1) neither Idicula nor Jensenworth are related to 
role-based access control (RBAC) and (2) Deinhart teaches the prior art way of enforcing RBAC, 
using a system that is separate from an operating system. Therefore, it is unsurprising that even if 
one could combine Idicula, Deinhart, and Jensenworth, such a combination would still fail to 
teach or suggest the novel and non-obvious approach of Claim 1, where an operating system is 
used to enforce RBAC. 

1. Idicula fails to teach or suggest the recited access identifier 
The Final Office Action cites col. 4, lines 42-56 in Idicula for allegedly disclosing 
"creating an access identifier based on the user-identifying information and the resource identifier, 
wherein the access identifier is formatted as a file attribute that is used by the Operating System to 
manage file access" as recited in Claim 1. This is incorrect. That portion merely states that a 
database server maintains different data structures in memory, such as session objects 122, 
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session objects 122, process state objects 130, and a session pool object 140. In the claims, the 
recited access identifier is created based on user-identifying information and a resource identifier, 
but the cited portion of Idicula fails to refer to any identifiers. Furthermore, this step of Claim 1 
recites that the access identifier is formatted as a file attribute that is used by an Operating System 
to manage file access. This cited portion of Idicula fails to mention anything remotely related to 
(a) how an identifier is formatted and (b) an Operating System . 

In the "Response to Arguments" section, the Final Office Action cites col. 7, lines 57-65 
of Idicula for allegedly disclosing "a method step where the session object is associate[d] with the 
client in the process state object." This response fails to address any of the claim features or 
Applicants' arguments above. 

The Final Office Action also cites ("Response to Arguments" section, page 11) col. 5, 
lines 9-18 of Idicula for disclosing "Type I" information, which is "user information that indicates 
a user of the associated connection, the user's roles, and the user's privileges." The Final Office 
Action specifically equates Idicula 's Type I information with the recited access identifier of Claim 
1. If this were so, then Type I information would have to be (according to Claim 1) (1) created 
based on a database session object of Idicula (i.e., the alleged resource identifier), (2) formatted as 
a file attribute, and (3) used by the OS to manage file access. However, Idicula 's Type I 
information does not satisfy any. of these criteria. For example, it is clear that Type I 
information predates a database session object, which is only a temporary object that is relevant 
only for the duration of a database session. Thus, Type I information is not created based on a 
database session. 

In response to Applicants' argument that the Type I information (i.e., the alleged access 
identifier) is not formatted as a file attribute, the Final Office Action asserts that because Idicula 
states that each database session object includes Type I and II information, this somehow means 
that "it would have been obvious. . .that said information would constitute a file attribute." But 
Idicula mentions nothing about file attributes . Idicula primarily describes maintaining database 
session objects in memory of a database server. Idicula does mention that files may be stored in a 
repository within a database. However, Idicula is silent with respect to how the Type I and II 
information is formatted . It is unsurprising, then, that Type I and II information, which is 
included in a database session object, cannot be considered a file attribute. 
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2. Idicula fails to teach or suggest calling an Operating System to perform a file 
operation on a file 

The Office Action cites col. 1, lines 52-62 and col. 7, lines 19-30 of Idicula for allegedly 
disclosing "calling the Operating System to perform a file operation on the file, wherein calling 
the Operating System includes providing the access identifier to the Operating System" as recited 
in Claim 1. This is incorrect. Nowhere does Idicula teach or suggest that an operating system is 
called in the manner recited. The only portion of Idicula that refers to an operating system is 
the following: 

A session is a related series of one or more requests for services made over a 
communication channel. The channel is typically established by the operating 
system of the host for the database server and that persists for one or more 
communications from the client, depending on the communications protocol used 
by the client. 

(Emphasis added.) Thus, the only function the operating system of Idicula performs is the 
establishing of a communication channel between a database client and a database server. 
However, the operating system in Idicula is not called to perform a file operation. Therefore, 
Idicula necessarily fails to teach or suggest that calling an Operating System includes providing 
Type I and II information (i.e., the alleged access identifier) to the Operating System. 

In the "Response to Arguments" section, the Final Office Action again cites col. 1, lines 
52-62 of Idicula for disclosing that a "channel is typically established by the operating system." 
That passage only describes one function that an operating system perf orms, and that function is 
not related to calling an OS to perform a file operation on a file, nor does that function involve 
providing an access identifier to the OS . 

In the "Response to Arguments" section, the Final Office Action also cites col. 4, lines 42- 
65 of Jensenworth for disclosing "an invention wherein a Windows NT operating system is used 
to access files, shared memory and physical devices which are represented by objects." However, 
this citation of Jensenworth fails to teach or suggest providing anything similar to the recited 
access identifier to an Operating System, as Claim 1 recites . 

3. Idicula fails to teach or suggest granting a user access to the resource only when 
the Operating System call successfully performs a file operation 

The Final Office Action cites col. 7, lines 20-21 of Idicula for allegedly disclosing 

"granting the user access to the resource only when the Operating System call successfully 



Seq. No. 7841 



3 



Docket No. 50325-0805 



performs the file operation" as recited in Claim 1. This is incorrect. As indicated above, the only 
mention of an operating system in Idicula is regarding the establishment of a communication 
channel between a database client and a database server. The single mention of Idicula's 
operating system is in no way related to the granting of access to a resource . Therefore, Idicula 
fails to teach or suggest this step of Claim 1 . 

In the "Response to Arguments" section, the Final Office Action disagrees with the above 
arguments and then asserts: 

Wherein a client computer attempts to establish a connection with a database for 
database services, the database server creates and accesses the session object to 
determine whether a client user is to be granted access to the database . 
(Emphasis added.) This statement implies that a database server accesses a session object to 
determine whether a client user is to be granted access to a database. However, there is no 
support in Idicula for this assertion. A database server might create a session object in response 
to a client's attempt to establish a connection with the database. But the determination by a 
database server of whether to allow a client to establish a connection with a database does not 
involve accessing a database session object. 

The Final Office Action fails to state what in Idicula corresponds to the recited resource of 
Claim 1. For this reason alone, the Final Office Action fails to state a prima facie case of 
unpatentability. On page 10 of the "Response to Arguments" section, the Final Office Action 
equates (1) the database session object of Idicula with the recited resource identifier of Claim 
land (2) an object in Idicula with the recited resource of Claim 1. However, the Final Office 
Action fails to identify any particular object in Idicula that could be the resource. At times, the 
Final Office Action appears to equate the database of Idicula with the recited resource. However, 
it does not follow that Idicula 's system grants access to database (i.e., establish a session) only 
when an Operating System call successfully performs a file operation. 

4. The Final Office Action fails to state a prima facie case of obviousness 
On page 4, the Final Office Action asserts that it would have been obvious to combine 
Idicula and Deinhart without providing an articulation of any reason for doing so. This is 
insufficient; "there must be some articulated reasoning with some rational underpinning to 
support the legal conclusion of obviousness." KSR v. Teleflex, Inc., slip op. at 14 (2007); In re 
Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006). MPEP § 2143 provides example rationales, but the 
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Final Office Action fails to use any of the example rationales when combining Idicula and 
Deinhart. 

CONCLUSION 

Applicants request that the rejections of all the pending claims be reversed. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 

Date: November 10, 2009 /DanielDLedesma#57 181/ 

Daniel D. Ledesma 
Reg. No 57,181 

2055 Gateway Place Suite 550 
San Jose, California 95 1 10 
Telephone No.: (408) 414-1080 ext. 229 
Facsimile No.: (408) 414-1076 
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